It's too easy for GitHub's dependabot vulnerability alerts to go unnoticed by developers. You have to check the dashboard for each independent project manually, which will inevitably not happen. GitHub will remind you that this dashboard exists upon using git push if known vulnerabilities are present, but not all developers use the git command line.
It would be handy if this bot could provide a daily ping of vulnerability count in the room (for multiple projects?), along with a link to the dependabot vulnerability dashboard for each.
It's too easy for GitHub's dependabot vulnerability alerts to go unnoticed by developers. You have to check the dashboard for each independent project manually, which will inevitably not happen. GitHub will remind you that this dashboard exists upon using
git pushif known vulnerabilities are present, but not all developers use thegitcommand line.It would be handy if this bot could provide a daily ping of vulnerability count in the room (for multiple projects?), along with a link to the dependabot vulnerability dashboard for each.